Merge pull request #80820 from mattmelgard/defer-delete-kubelet-bootstrap

kubeadm: add a defer to kubelet bootstrap token deletion
This commit is contained in:
Kubernetes Prow Robot 2019-08-05 02:57:48 -07:00 committed by GitHub
commit 040ce52a43
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -93,13 +93,16 @@ func getKubeletStartJoinData(c workflow.RunData) (*kubeadmapi.JoinConfiguration,
// runKubeletStartJoinPhase executes the kubelet TLS bootstrap process.
// This process is executed by the kubelet and completes with the node joining the cluster
// with a dedicates set of credentials as required by the node authorizer
func runKubeletStartJoinPhase(c workflow.RunData) error {
func runKubeletStartJoinPhase(c workflow.RunData) (returnErr error) {
cfg, initCfg, tlsBootstrapCfg, err := getKubeletStartJoinData(c)
if err != nil {
return err
}
bootstrapKubeConfigFile := kubeadmconstants.GetBootstrapKubeletKubeConfigPath()
// Deletes the bootstrapKubeConfigFile, so the credential used for TLS bootstrap is removed from disk
defer os.Remove(bootstrapKubeConfigFile)
// Write the bootstrap kubelet config file or the TLS-Bootstrapped kubelet config file down to disk
klog.V(1).Infof("[kubelet-start] writing bootstrap kubelet config file at %s", bootstrapKubeConfigFile)
if err := kubeconfigutil.WriteToDisk(bootstrapKubeConfigFile, tlsBootstrapCfg); err != nil {
@ -167,11 +170,6 @@ func runKubeletStartJoinPhase(c workflow.RunData) error {
return errors.Wrap(err, "error uploading crisocket")
}
// Deletes the bootstrapKubeConfigFile, so the credential used for TLS bootstrap are removed from disk
if err := os.Remove(bootstrapKubeConfigFile); err != nil {
return errors.Wrapf(err, "error deleting %s", bootstrapKubeConfigFile)
}
return nil
}